From: rahermon@iastate.edu
Subject: RE: Your earlier maillog post
Date: Sat, 15 Jun 2002 23:51:22 -0500
Message-ID: <000301c214f1$797108c0$8404a8c0@TheGetto>
In-Reply-To: <1024178619.47848.1.camel@Demon.Strobe.org>

The short answer is no. The stateful rule structure and the implications from mixing rule set types are beyond the scope of my knowledge, sorry.

However, it seems that a connection to localhost is being refused and I assumed a rule is being matched, finding that rule may reveal useful information. Try clearing the counters and then try to telnet to localhost 25. Look at the counters again and with a little luck the rule will reveal itself.

You can also try mixing the rules just to find out if in fact the suggested change will fix the problem. If it does then I am sure a firewall guru in this list will be able to assist in re-writing the rules in the appropriate type.

I will keep following the thread since the questions you presented are indeed interesting and I am curious to find the answer.

Regards,
Ramon

> -----Original Message-----
> From: Stacey Roberts [mailto:sroberts@dsl.pipex.com]
> Sent: Saturday, June 15, 2002 5:04 PM
> To: rahermon@iastate.edu
> Cc: FreeBSD-Questions
> Subject: RE: Your earlier maillog post
>
>
> Hi Ramon,
> Thanks for the suggestions.
>
> I've got a couple of questions on those rules you included in
> your last reply.
>
> I use advanced stateful rules on this machine, and what
> you've suggested doesn't appear to be of the same structure
> as the ones I use here. I've always understood that it's
> generally a bad idea to mix rule base types. Is this your
> understanding as well?
>
> So then, what I'm asking is if you've any suggestions on
> re-writing these so that they fit into a stateful rule structure.
>
>
>
> On Thu, 2002-06-13 at 03:19, rahermon@iastate.edu wrote:
> > I was looking at the ipfw rules on your post "IPFW error,
> > help?" and I
> > did not notice the following which can explain access denied to
> > localhost.
> >
> > # Allow loopbacks, deny imposters
> > ${fwcmd} add 100 pass all from any to any via lo0
> > ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> > # Stop spoofing
> > ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
> > ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
> >
> > The above are just after flush on my rules. But my definitions are
> > before, I guess what I am trying to say is that just make sure the
> > above rules are the first rules.
> >
> > Regards,
> > Ramon
> >
> > > -----Original Message-----
> > > From: owner-freebsd-questions@FreeBSD.ORG
> > > [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of S. Roberts
> > > Sent: Wednesday, June 12, 2002 1:30 AM
> > > To: rahermon@cs.iastate.edu
> > > Cc: FreeBSD-Questions
> > > Subject: re: Your earlier maillog post
> > >
> > >
> > > Hi,
> > > I stumbled across your post in the archives. I'm seeing
> > > exactly the same formatted messages in the maillog of a box
> > > here as well: Jun 12 07:03:38 sm-msp-queue[96453]:
> > > g5766juA092113: to=root, delay=4+23:56:53, xdelay=00:00:00,
> > > mailer=relay, pri=22287174, relay=localhost..,
> > > dsn=4.0.0, stat=Deferred: Permission denied ~ $
> > >
> > > I wanted to find out if you had gotten an explanation, or
> > > positive response to your query in the end. I tried sending a
> > > query to Sendmail.org but couldn't get any joy there either.
> > >
> > > Do let me know, please
> > > Regards,
> > > Stacey
> > >
> > > ok. Maybe if I take it one step at a time. Can anyone tell me
> > > what this means.
> > >
> > > May 31 15:46:04 FW sm-msp-queue[442]: g4R84JFE000560:
> > > to=root, ctladdr=root (0/0), delay=4+12:41:45,
> > > xdelay=00:00:00, mailer=relay, pri=18390056,
> > > relay=localhost.rhbsd.dhs.org., dsn=4.0.0, stat=Deferred:
> > > Permission denied
> > >
> > > Thanks.
> > > --
> > > Stacey Roberts B.Sc. (HONS) Computer Science
> > > Network Systems Engineer
> > >
> >
> --
> Stacey Roberts B.Sc. (HONS) Computer Science
> Network Systems Engineer
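
The counter check suggested in the reply above, sketched as an added example that is not part of the original thread: after `ipfw zero` and one test connection, filter the `ipfw -a list` output for deny rules whose packet counter moved. The function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Live procedure on the FreeBSD
# host, run as root, following the steps described in the message:
#   ipfw zero              # clear all rule counters
#   telnet localhost 25    # reproduce the refused connection
#   ipfw -a list           # list rules with packet/byte counters

# hit_deny_rules (hypothetical helper): read `ipfw -a list` output on
# stdin and print each deny/reject/unreach rule with a non-zero packet
# counter. Columns: rule number, packets, bytes, then the rule body.
hit_deny_rules() {
    awk '$2 ~ /^[0-9]+$/ && $2 > 0 &&
         ($4 == "deny" || $4 == "reject" || $4 == "unreach") {
        body = ""
        for (i = 4; i <= NF; i++) body = body (i > 4 ? " " : "") $i
        printf "rule %s matched %s packet(s): %s\n", $1, $2, body
    }'
}

# Constructed sample of counter output taken right after the test
# connection. It models a stateful rule set with no "pass ... via lo0"
# rule, so loopback traffic falls through to the default deny.
sample_counters() {
    cat <<'EOF'
00300   0    0 check-state
00400   0    0 deny tcp from any to any established
00500   0    0 allow tcp from any to any out via xl0 setup keep-state
65535   2  120 deny ip from any to any
EOF
}

# Demonstration on the constructed sample; on a real host use:
#   ipfw -a list | hit_deny_rules
sample_counters | hit_deny_rules
```

Any rule reported here is the one dropping the test connection, which shows where a loopback pass rule has to sit in the rule order.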